Correlation Rules
A correlation rule is a predefined, fact-based rule designed to identify and flag specific, abnormal behaviors or events within a system. By analyzing sequences of events or conditions, these rules detect patterns indicative of potential threats.
Correlation Rule Capabilities
Exabeam offers both prebuilt and customizable correlation rules:
Prebuilt Rules – Developed by Exabeam threat researchers, these rules identify well-known threats and anomalies.
Custom Rules – You can create your own rules from scratch or use templates to define triggering events, conditions, and evaluation criteria.
Key Components of Correlation Rules
Triggering Events – The specific events or conditions that initiate the rule evaluation.
Conditions – The criteria used to filter and analyze the triggering events.
Evaluation Criteria – The logic used to determine if a potential threat has been detected, often involving grouping and analysis of events.
By effectively utilizing correlation rules, organizations can proactively identify and respond to security threats, reducing the risk of breaches and data loss.
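How the three components listed above fit together, as an added generic Python sketch (not Exabeam's rule syntax or API, and not code from this page). The event fields `activity`, `user` and `outcome`, the rule name, and the threshold and window values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable

@dataclass
class CorrelationRule:
    name: str
    trigger: str                       # triggering event: activity that starts evaluation
    condition: Callable[[dict], bool]  # condition: filter applied to each triggering event
    group_by: str                      # evaluation: field used to group matching events
    threshold: int                     # evaluation: matches needed within one group
    window: timedelta                  # evaluation: time span the matches must fall in

def evaluate(rule, events):
    """Return one alert per group, the first time it hits the threshold in the window."""
    recent = defaultdict(deque)  # group key -> timestamps of recent matching events
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["activity"] != rule.trigger or not rule.condition(ev):
            continue
        key, times = ev[rule.group_by], recent[ev[rule.group_by]]
        times.append(ev["time"])
        while ev["time"] - times[0] > rule.window:  # drop matches older than the window
            times.popleft()
        if len(times) >= rule.threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"rule": rule.name, rule.group_by: key, "count": len(times)})
    return alerts

def _ev(ts, activity, user, outcome):
    return {"time": datetime.fromisoformat(ts), "activity": activity,
            "user": user, "outcome": outcome}

# Constructed sample events (not real log data), deliberately out of order.
SAMPLE_EVENTS = [
    _ev("2024-05-01T09:00:00", "login", "alice", "failure"),
    _ev("2024-05-01T09:00:20", "login", "alice", "failure"),
    _ev("2024-05-01T09:00:30", "login", "bob", "failure"),
    _ev("2024-05-01T09:00:45", "login", "alice", "success"),
    _ev("2024-05-01T09:20:00", "login", "bob", "failure"),
    _ev("2024-05-01T09:40:00", "login", "bob", "failure"),
    _ev("2024-05-01T09:01:10", "login", "alice", "failure"),
]

RULE = CorrelationRule(name="repeated-failed-logins", trigger="login",
                       condition=lambda e: e["outcome"] == "failure",
                       group_by="user", threshold=3, window=timedelta(minutes=5))
```

With the sample data, `evaluate(RULE, SAMPLE_EVENTS)` flags only `alice`: `bob` also has three failed logins, but they are spread over 40 minutes and never fall inside one five-minute window.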